Latest CVE Feed
-
9.3
HIGH CVE-2017-14020
In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer ...
- Published: Nov. 13, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-14034
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application...
- Affected Products: libbpg
- Published: Nov. 16, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-14139
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
- Affected Products: imagemagick
- Published: Sep. 04, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-14022
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted s...
- Affected Products: factorytalk_alarms_and_events
- Published: Dec. 23, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-14036
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
- Affected Products: crushftp
- Published: Aug. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-14062
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
- Published: Aug. 31, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUM CVE-2017-14085
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
- Affected Products: officescan
- Published: Oct. 06, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-14092
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
- Affected Products: scanmail
- Published: Dec. 16, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-14098
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
- Affected Products: asterisk
- Published: Sep. 02, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGH CVE-2017-14115
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access...
- Published: Sep. 03, 2017
- Modified: Apr. 20, 2025
-
5.9
MEDIUM CVE-2017-14117
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to ...
- Published: Sep. 03, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUM CVE-2017-14128
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) v...
- Affected Products: binutils
- Published: Sep. 04, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGH CVE-2017-14245
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
- Published: Sep. 21, 2017
- Modified: Apr. 20, 2025
-
7.1
HIGH CVE-2017-14108
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
- Affected Products: gedit
- Published: Sep. 05, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-14243
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi,...
- Published: Sep. 17, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGH CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server co...
- Affected Products: manageengine_firewall_analyzer
- Published: Sep. 04, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-14137
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
- Affected Products: imagemagick
- Published: Sep. 04, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-14143
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execut...
- Affected Products: kaltura_server
- Published: Sep. 19, 2017
- Modified: Apr. 20, 2025
-
7.1
HIGH CVE-2017-14170
In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does...
- Affected Products: ffmpeg
- Published: Sep. 07, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
- Published: Sep. 21, 2017
- Modified: Apr. 20, 2025